Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp644037pxu; Fri, 11 Dec 2020 10:40:01 -0800 (PST) X-Google-Smtp-Source: ABdhPJyHWVsaESjwUJqOfgmKRZQeoR1/u1O1QcHRavOvehyYlU4bxdRgkLcMb8BYKZSInrLWvuJe X-Received: by 2002:a17:906:391b:: with SMTP id f27mr11835369eje.195.1607712000952; Fri, 11 Dec 2020 10:40:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607712000; cv=none; d=google.com; s=arc-20160816; b=AWoHzHfw+g0hvXhg/uR2FXVQwTl6bUlDwZ4e8pL84fCluzZbEnIi4CIpECxKNjSMg1 1CgYVZ8EpEoi8Jq28c7NLlwbB3A3Hmu4EoQ7BCJQMmWb1Pv8sHXWPZ/PmUg8wmwUSsK7 iSi0KRmKNT3oNfUS4ykVn1NitJfDE2ktFd7rQY85+OJdXStgKxoLwkrOK/6Ot0GhwT8a VerXr8mbPvcktB4LjtQZ8GHdec/JyVTIyDsObI+T5kub62IKd394sz6Yu3UvtH1oJhfw PAW1SH//Te7OwsX3lkhECjYxo6DKqQ6QA31ToAv2r+DDJGa+bu+gMOQQ4UtCk4qC9Pyu IV1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=fK9M2Wp5EPy/rZWDTuKilqNsl5tbRjp0r29Nw6g7JRw=; b=Q+rAl2nVlBGzPwtI/V79Nn3RrWbABuyceJAiIpzeL97+Pl3qttjMONQ9/h8Mp3g7tP regzrSj6LkDqsOUrySiU99P+vJgQCE3f9gjN+MGPiY07ciYjfUjrWLdEjmxjP5iOq+Y1 35+BORG1UOX1tBwOtoViUgCJeu642exZmERwsvvwrXcaCRwQt1zATxQVxLSoTDqIx+ff Wbx/ODr/zt19vjhTO4XmtAwt7vLZNVnvbSBSyIZ2rJUq3CTm7bjAD73UdcRmtpIYKl/5 W96QKlQC1mMpMyeZYb/K4lrBRXu17uSFnLNptiSfK/jk8SK2zCB1thpLaLnLk2ZnLtmk ZDVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CN9emkY8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y7si5431334edp.7.2020.12.11.10.39.37; Fri, 11 Dec 2020 10:40:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CN9emkY8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2437939AbgLKQXo (ORCPT + 99 others); Fri, 11 Dec 2020 11:23:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34018 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2406724AbgLKQXT (ORCPT ); Fri, 11 Dec 2020 11:23:19 -0500 Received: from mail-il1-x141.google.com (mail-il1-x141.google.com [IPv6:2607:f8b0:4864:20::141]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 997B0C0613D6 for ; Fri, 11 Dec 2020 08:22:38 -0800 (PST) Received: by mail-il1-x141.google.com with SMTP id t9so9298166ilf.2 for ; Fri, 11 Dec 2020 08:22:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fK9M2Wp5EPy/rZWDTuKilqNsl5tbRjp0r29Nw6g7JRw=; b=CN9emkY8Ndd7hrLtL7NEKu7+1jJhkdb8A0Uw2XbmScJ1J7nHzla641qKJ69HY3qfDE /0KnVMaEocK7P7qt+MP3PRhPvO4jK9IFwxRw0a/fZNhTLMhJKbwdKswOBC3uvvzwHNLi eNpFlrlYKqB38mehEEwf4RJnNFU51SbDpmXdZNE7D2B0hKLyNju/m/Sz0DBf2MW0vwu9 obQx8KjCz9vbSQXGM6Yj6hSDppsaybWEd4f+g+tKrMU/33SW20pTRkmLUF+mhAF9I46+ qFDn3jvTOtrBGJbP0d0tcHLLjzbvWJUb/QtuexMvMZ1ywYYu1i6GHxNcY5AoLViqKcuY bM4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fK9M2Wp5EPy/rZWDTuKilqNsl5tbRjp0r29Nw6g7JRw=; b=LbqHn+8WaYwB8iinKfN0qdHfZWV3bJNlLaVzSfYhjj2WkMC+41gEUr0A90ONA4XNth 65oaw57HtzXTdC3pGhFljfpr123Nm421wSdU1QraVqkz2ltjUr3zb4SvKP6PKZjJgoq4 vOezXK9ld7Yplwm50UsXFnQEpunA3Rlbb1z3RjZ8kyHbeUo8YqsCyW2gvBQRefQj/dqL GEIwPhCMu/4LBsfyzIDJWWpsgSGXV5VWlELg5eIBAn/VxEojLV5bRu38/DT+hcMggpDs NTsDmZfVTSvZjtHismdY5IaSN9b6bB5EX4C3ZWe2lJhOV0mU8xv0DlTy7GeIjbdwu5aQ 02eQ== X-Gm-Message-State: AOAM533/sLXlDskqdqY4hnJKqwBwIRohrhMqpHa4xazS+M/OTRM7Ul/7 dF/Li9iiksdHEeOiKo8hm14QA+VxZs705/tt0WL3kw== X-Received: by 2002:a92:da82:: with SMTP id u2mr16565037iln.137.1607703757692; Fri, 11 Dec 2020 08:22:37 -0800 (PST) MIME-Version: 1.0 References: <160765171921.6905.7897898635812579754.stgit@localhost.localdomain> In-Reply-To: From: Eric Dumazet Date: Fri, 11 Dec 2020 17:22:26 +0100 Message-ID: Subject: Re: [net PATCH] tcp: Mark fastopen SYN packet as lost when receiving ICMP_TOOBIG/ICMP_FRAG_NEEDED To: Alexander Duyck Cc: Yuchung Cheng , David Miller , Jakub Kicinski , Alexey Kuznetsov , Hideaki YOSHIFUJI , netdev , LKML , Martin KaFai Lau , kernel-team Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Dec 11, 2020 at 5:03 PM Alexander Duyck wrote: > That's fine. I can target this for net-next. I had just selected net > since I had considered it a fix, but I suppose it could be considered > a behavioral change. We are very late in the 5.10 cycle, and we never handled ICMP in this state, so net-next is definitely better. Note that RFC 7413 states in 4.1.3 : The client MUST cache cookies from servers for later Fast Open connections. For a multihomed client, the cookies are dependent on the client and server IP addresses. Hence, the client should cache at most one (most recently received) cookie per client and server IP address pair. When caching cookies, we recommend that the client also cache the Maximum Segment Size (MSS) advertised by the server. The client can cache the MSS advertised by the server in order to determine the maximum amount of data that the client can fit in the SYN packet in subsequent TFO connections. Caching the server MSS is useful because, with Fast Open, a client sends data in the SYN packet before the server announces its MSS in the SYN-ACK packet. If the client sends more data in the SYN packet than the server will accept, this will likely require the client to retransmit some or all of the data. Hence, caching the server MSS can enhance performance. Without a cached server MSS, the amount of data in the SYN packet is limited to the default MSS of 536 bytes for IPv4 [RFC1122] and 1220 bytes for IPv6 [RFC2460]. Even if the client complies with this limit when sending the SYN, it is known that an IPv4 receiver advertising an MSS less than 536 bytes can receive a segment larger than it is expecting. If the cached MSS is larger than the typical size (1460 bytes for IPv4 or 1440 bytes for IPv6), then the excess data in the SYN packet may cause problems that offset the performance benefit of Fast Open. For example, the unusually large SYN may trigger IP fragmentation and may confuse firewalls or middleboxes, causing SYN retransmission and other side effects. Therefore, the client MAY limit the cached MSS to 1460 bytes for IPv4 or 1440 for IPv6. Relying on ICMP is fragile, since they can be filtered in some way.